@@ -174,7 +174,14 @@ check_tls(struct context *c)
const int tmp_status = tls_multi_process
(c->c2.tls_multi, &c->c2.to_link, &c->c2.to_link_addr,
get_link_socket_info(c), &wakeup);
- if (tmp_status == TLSMP_ACTIVE)
+
+ if (tmp_status == TLSMP_RECONNECT)
+ {
+ event_timeout_init(&c->c2.wait_for_connect, 1, now);
+ reset_coarse_timers(c);
+ }
+
+ if (tmp_status == TLSMP_ACTIVE || tmp_status == TLSMP_RECONNECT)
{
update_time();
interval_action(&c->c2.tmp_int);
@@ -196,9 +203,15 @@ check_tls(struct context *c)
interval_schedule_wakeup(&c->c2.tmp_int, &wakeup);
- /* Our current code has no good hooks in the TLS machinery to update
+ /*
+ * Our current code has no good hooks in the TLS machinery to update
* DCO keys. So we check the key status after the whole TLS machinery
* has been completed and potentially update them
+ *
+ * We have a hidden state transition from secondary to primary key based
+ * on ks->auth_deferred_expire that DCO needs to check that the normal
+ * TLS state engine does not check. So we call the \c check_dco_key_status
+ * function even if tmp_status does not indicate that something has changed.
*/
check_dco_key_status(c);
@@ -302,7 +315,6 @@ check_push_request(struct context *c)
static void
check_connection_established(struct context *c)
{
-
if (connection_established(c))
{
/* if --pull was specified, send a push request to server */
@@ -337,7 +349,6 @@ check_connection_established(struct context *c)
event_timeout_clear(&c->c2.wait_for_connect);
}
-
}
bool
@@ -2219,7 +2219,13 @@ do_up(struct context *c, bool pulled_options, unsigned int option_types_found)
}
}
}
+ }
+ /* This pats needs to be run in p2p mode (wihout pull) when the client
+ * reconnects to setup various things (like DCO and NCP cipher) that
+ * might have changed from the previous client. */
+ if (!c->c2.do_up_ran || (c->c2.tls_multi && c->c2.tls_multi->multi_state == CAS_RECONNECT_PENDING))
+ {
if (c->mode == MODE_POINT_TO_POINT)
{
/* ovpn-dco requires adding the peer now, before any option can be set,
@@ -3249,29 +3249,29 @@ tls_multi_process(struct tls_multi *multi,
if (multi->multi_state >= CAS_CONNECT_DONE)
{
- for (int i = 0; i < TM_SIZE; ++i)
- {
- struct tls_session *session = &multi->session[i];
- struct key_state *ks = &session->key[KS_PRIMARY];
+ /* Only generate keys for the TM_ACTIVE session. We defer generating
+ * keys for TM_UNTRUSTED until we actually trust it.
+ * For TM_LAME_DUCK it makes no sense to generate new keys. */
+ struct tls_session *session = &multi->session[TM_ACTIVE];
+ struct key_state *ks = &session->key[KS_PRIMARY];
- if (ks->state == S_ACTIVE && ks->authenticated == KS_AUTH_TRUE)
+ if (ks->state == S_ACTIVE && ks->authenticated == KS_AUTH_TRUE)
+ {
+ /* Session is now fully authenticated.
+ * tls_session_generate_data_channel_keys will move ks->state
+ * from S_ACTIVE to S_GENERATED_KEYS */
+ if (!tls_session_generate_data_channel_keys(multi, session))
{
- /* Session is now fully authenticated.
- * tls_session_generate_data_channel_keys will move ks->state
- * from S_ACTIVE to S_GENERATED_KEYS */
- if (!tls_session_generate_data_channel_keys(multi, session))
- {
- msg(D_TLS_ERRORS, "TLS Error: generate_key_expansion failed");
- ks->authenticated = KS_AUTH_FALSE;
- ks->state = S_ERROR;
- }
+ msg(D_TLS_ERRORS, "TLS Error: generate_key_expansion failed");
+ ks->authenticated = KS_AUTH_FALSE;
+ ks->state = S_ERROR;
+ }
- /* Update auth token on the client if needed on renegotiation
- * (key id !=0) */
- if (session->key[KS_PRIMARY].key_id != 0)
- {
- resend_auth_token_renegotiation(multi, session);
- }
+ /* Update auth token on the client if needed on renegotiation
+ * (key id !=0) */
+ if (session->key[KS_PRIMARY].key_id != 0)
+ {
+ resend_auth_token_renegotiation(multi, session);
}
}
}
@@ -3304,6 +3304,12 @@ tls_multi_process(struct tls_multi *multi,
move_session(multi, TM_ACTIVE, TM_UNTRUSTED, true);
msg(D_TLS_DEBUG_LOW, "TLS: tls_multi_process: untrusted session promoted to %strusted",
tas == TLS_AUTHENTICATION_SUCCEEDED ? "" : "semi-");
+
+ if (multi->multi_state == CAS_CONNECT_DONE)
+ {
+ multi->multi_state = CAS_RECONNECT_PENDING;
+ active = TLSMP_RECONNECT;
+ }
}
/*
@@ -212,6 +212,7 @@ void tls_multi_free(struct tls_multi *multi, bool clear);
#define TLSMP_INACTIVE 0
#define TLSMP_ACTIVE 1
#define TLSMP_KILL 2
+#define TLSMP_RECONNECT 3
/*
* Called by the top-level event loop.
@@ -551,7 +551,12 @@ enum multi_status {
CAS_PENDING_DEFERRED_PARTIAL, /**< at least handler succeeded but another is still pending */
CAS_FAILED, /**< Option import failed or explicitly denied the client */
CAS_WAITING_OPTIONS_IMPORT, /**< client with pull or p2p waiting for first time options import */
+ CAS_RECONNECT_PENDING, /**< session has already successful established (CAS_CONNECT_DONE)
+ * but has a reconnect and needs to redo some initialisation, this state is
+ * similar CAS_WAITING_OPTIONS_IMPORT but skips a few things. The normal connection
+ * skips this step. */
CAS_CONNECT_DONE,
+
};
We introduce this state to make the reconnecting of a client more obvious and what is called again instead of making it implicit. The new state CAS_RECONNECT_PENDING is between CAS_WAITING_OPTIONS_IMPORT and CAS_CONNECT_DONE as we need to redo some of the steps of the connection setup, so this new state is going a "half step" back in the state machine. We also do no longer generate data channel keys for untrusted session. This is done for clarity but also to allow them being generated after the session has become actually active. These changes allow a reconnect in p2p mode with DCO to work as the initial reconnect working. Signed-off-by: Arne Schwabe <arne@rfc2549.org> --- src/openvpn/forward.c | 19 +++++++++++++---- src/openvpn/init.c | 6 ++++++ src/openvpn/ssl.c | 46 +++++++++++++++++++++++----------------- src/openvpn/ssl.h | 1 + src/openvpn/ssl_common.h | 5 +++++ 5 files changed, 53 insertions(+), 24 deletions(-)